Windows 10 Backdoor Welcomes Cyber Intruders
Microsoft fixed a critical bug (CVE-2021-31166) that allowed remote code execution with kernel privileges on machines running Windows 10 versions 2004/20H2 and Windows Server versions 2004/20H2. Microsoft alerted its users that the vulnerability was wormable and could spread itself across multiple servers inside a network to wreak havoc. To exploit this vulnerability, a cyber intruder would have to send a "specially crafted packet to servers still using the vulnerable HTTP Protocol Stack to process packets." Shortly after the vulnerability was discovered, Microsoft patched the flaw as part of its recent Patch Tuesday updates.
Defining CVE-2021-31166: What Is CVE-2021-31166?
The vulnerability was first discovered in the HTTP Protocol Stack (HTTP.sys), an essential component that lets Windows Internet Information Services (IIS) web servers process HTTP requests. If exploited, the flaw would allow an unauthenticated attacker to send packets to a vulnerable server and remotely execute arbitrary code. The bug could also be used to launch a remote, unauthenticated denial of service (DoS) attack, causing a Blue Screen of Death (BSoD) on vulnerable devices. To make matters worse, CVE-2021-31166 allows network worms to spread to other services that were not initially exposed.
Proof-of-Concept Exploit Code Released for CVE-2021-31166
In May, Axel Souchet, a security researcher, released a proof-of-concept (PoC) exploit for this flaw. The code does not have auto-spreading capabilities, but it shows how a cyber intruder could use CVE-2021-31166 to carry out attacks on vulnerable systems. While the public PoC lacks worming functions, it does show an easy way to take affected Windows installations out of service. The presence of the PoC may motivate adversaries who want to leverage this security flaw against Windows IIS servers that are currently exposed.
Because Microsoft has already patched this vulnerability and shipped the fix along with other Windows 10 updates, many systems will likely be protected from attacks. However, for those who have yet to install the latest Windows 10 updates from Microsoft, now would be a great time to do so, because it can prevent individuals and organizations from falling victim to an attack on this vulnerability.
CVE-2021-31166: Detection, Mitigation, and Workarounds
Thankfully, Microsoft addressed the bug in its May 2021 Patch Tuesday release and alerted all users who could be running vulnerable installations to upgrade to a fixed version. Many organizations will discover that patch management is easier said than done. IT and security teams are often forced to prioritize patches and fixes across multiple business-critical systems, especially when many are released at once. It is now routine for several patches to be released on each Microsoft Patch Tuesday.
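As an added example (not from the article), the PowerShell triage below checks the two conditions that make a host relevant to CVE-2021-31166: an affected release (2004/20H2) without the May 2021 cumulative update, and a running HTTP.sys with registered URL listeners. The release strings, registry keys and `$PatchedUbr` threshold are assumptions; confirm the patched build revision against Microsoft's update notes for your build.

```powershell
# Added example, not from the article: triage one host for CVE-2021-31166 exposure.
# Assumptions: affected releases report DisplayVersion/ReleaseId "2004" or "20H2";
# $PatchedUbr is a PLACEHOLDER for the update build revision (UBR) of the May 2021
# cumulative update. Verify it against the KB article before relying on the result.
$PatchedUbr = 985

$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
# 20H2 reports ReleaseId "2009"; DisplayVersion (present from 20H2 on) reads "20H2".
$release = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }
$build   = [int]$cv.CurrentBuildNumber
$ubr     = [int]$cv.UBR

$affectedRelease = $release -in @('2004', '20H2')
$patched         = $ubr -ge $PatchedUbr

# HTTP.sys is a kernel driver, so query it as a system driver rather than a Win32 service.
$httpDrv     = Get-CimInstance Win32_SystemDriver -Filter "Name='HTTP'"
$httpRunning = ($null -ne $httpDrv) -and ($httpDrv.State -eq 'Running')

# Live URL registrations in http.sys (IIS sites, WinRM, and other http.sys listeners)
# are the surface a crafted request from the network would reach.
$listeners = @(& netsh http show servicestate view=requestq verbose=no |
    Where-Object { $_ -match '^\s*https?://' } | ForEach-Object { $_.Trim() })

[pscustomobject]@{
    Host            = $env:COMPUTERNAME
    Release         = $release
    Build           = "$build.$ubr"
    AffectedRelease = $affectedRelease
    Patched         = $patched
    HttpSysRunning  = $httpRunning
    RegisteredUrls  = $listeners.Count
    # Exposed only when every condition lines up; patching clears it regardless of listeners.
    Exposed         = $affectedRelease -and (-not $patched) -and $httpRunning -and ($listeners.Count -gt 0)
}
$listeners
```

Run it elevated so `netsh http show servicestate` can enumerate every request queue; a host reporting Exposed = True should be patched first, and its listener list tells you which services are reachable in the meantime.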
How Can Your Organization Protect Itself from Attacks on Windows Devices?
In many businesses and organizations, IT and security teams have been fighting a plethora of critical bugs and vulnerabilities in Microsoft Windows 10, one after another. Vulnerabilities and critical bugs are consistent weapons in a cybercriminal's armory. Escalating privileges, stealing credentials, and carrying out ransomware attacks are well-known goals of malicious actors, and vulnerabilities make them easier to achieve. Organizations that do not take the recommended proactive mitigation steps are putting targets on their backs that can be seen from a mile away, and this can be costly and detrimental to their operations. IT and security teams should follow the recommended mitigation procedures.
Windows and Security: Will Windows 11 Be More Secure?
In June, Microsoft announced that Windows 11 would be released later in 2021. Aside from new features and an enhanced user interface, Microsoft has talked about the new security measures expected to make their grand entry in Windows 11. The variety of attacks on Windows 10 has raised the question of whether Windows 11 will be more secure than Windows 10.
According to Microsoft, Windows 11 will offer improvements in the security and design departments. Security was one of the main drivers for businesses and organizations upgrading to Windows 10 from Windows 7. Since that time, we have witnessed a variety of high-profile hacking incidents, data breaches, and an increase in ransomware. As a result, security has made its way up the agenda.
So, will Windows 11 be more secure than Windows 10? That is a difficult question to answer. PCs with modern hardware security features will be more secure than PCs without them. However, if a PC has these features, users can already take advantage of them on the current version of Windows 10. New security features in Windows 11 will go beyond support for the relevant hardware. Enterprise users will be able to get secure, multi-factor single sign-on from devices to the cloud and apps with "Windows Hello for Business". Microsoft is also raising the security baseline by requiring PCs to have at least Trusted Platform Module (TPM) 2.0.
There is significant time remaining between now and the 2021 release of Windows 11 for things to change. While some programs currently work on the preview build, this does not mean the same programs will run on the final version of Windows 11. It is always a good idea to have the latest operating system installed on your devices, because it lets users benefit from the most recent security updates as well as the best overall performance. However, Microsoft has stated that it plans to support Windows 10 until 2025, so users do not have to make the transition to Windows 11 right away.
Apply the proper procedures within your organization to cut through the noise, and use the resources you have to receive updates and alerts for cloud vulnerability exposures and misconfiguration, making vulnerabilities and flaws things that your organization no longer has to worry about. For more information on how your organization can leverage a secure cloud environment, contact Mathe Inc. today.
With over 35 years in the business of supporting and implementing technology for the SME market, and 6 years previously in Corporate IT and Voice, I have seen a great deal of change. The only common thread is that I have always focused on the Business Wise application of Technology. We always try to look 5 years ahead of the current technology to make sure our clients are on the right track to meet current and future needs.